The US government's Federal Risk and Authorization Management Program will let data centers be assessed remotely.
FedRAMP provides a standardized approach to security assessment for cloud services, with government agencies using the FedRAMP Marketplace to purchase cloud products.
But to ensure cloud providers meet the security requirements, Third Party Assessment Organizations (3PAOs) test the companies' offerings, including visiting the data center.
"These assessments are usually performed onsite, including the physical and environmental controls provided by data centers housing CSPs’ information technology resources," FedRAMP said.
"Due to the current safety guidelines from the Centers for Disease Control and Prevention (CDC) for Covid-19, however, 3PAOs may be permitted to perform the testing of certain data centers remotely."
The 3PAO will have to ask for permission from the Authorizing Official or a delegated party to perform remote testing.
"All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing."
The strategy will be periodically revisited, and likely scrapped once Covid-19 subsides.